Legend:

> And then once we are done parsing, we do have a valid signature for the vote which then make us check if we know the authority with trusteddirserver_get_by_v3_auth_digest().

6

6

7

7

The issue of anyone being able to trigger a hypothetical vulnerability in one of the parsing functions aside, it's also just simply not efficient to do all the parsing work and then chuck the results at the end of `networkstatus_parse_vote_from_string()` if the signature wasn't from a valid sig from a known authority.